AvMed data breach case opens door for ID theft claims

A recent federal appeals court ruling may narrow the burden for plaintiffs to prove that they are victims of identity theft as result of a data breach.

Plaintiffs Juana Curry and William Moore alleged in a class-action lawsuit filed in 2010 that they sustained ID theft following an incident the year prior in which two unencrypted laptops, containing the personal information of 1.2 million customers, were stolen from Florida health insurer AvMed. (The victim total initially was much lower, but later revised by the company).

In August 2011, a U.S. District Court judge dismissed the case after concluding that the plaintiffs were unable to represent "injury" as a result of the laptop thefts.

But earlier this month, the 11th U.S. Circuit Court of Appeals, in a 2-1 decision (PDF), ruled that the plaintiffs were "explicitly" able to prove a link between the breach and ID theft they incurred.

The plaintiffs contended that roughly a year after the incident, bank and brokerage accounts were opened in their names, resulting in unauthorized charges and transactions. They were forced to spend money to place fraud alerts and purchase identity theft protection services, among other costs.

Get SC Media delivered to your inbox

SC Media Featured White Paper of the Day

SC Media Newswire

SC Media Product/Industry Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.